"_). Track progress and tick off checklist items in that issue — do **not** edit the checkboxes in this file. This document remains the canonical template for all future onboardings.
>
> **Improving this template:**
> If you find that this document does not reflect the realities of onboarding (missing steps, outdated information, etc.), please open a pull request to update it.
The checklist is split into two parts:
- **[For the onboarding coordinator](#for-the-onboarding-coordinator)** — actions that an existing maintainer or project coordinator must perform on behalf of the new maintainer.
- **[For the new maintainer](#for-the-new-maintainer)** — actions the new maintainer should complete themselves.
Once onboarding is complete, both parties should confirm each item is ticked off in the tracking issue.
---
## For the Onboarding Coordinator
These steps require elevated access and must be completed by an existing maintainer or project coordinator.
### GitHub Access
- [ ] Add the new maintainer to the [flatcar-maintainers](https://github.com/orgs/flatcar/teams/flatcar-maintainers) GitHub team.
- [ ] Verify the new maintainer has appropriate permissions on all relevant repositories (see [MAINTAINERS.md](./MAINTAINERS.md) for the list of repositories).
- [ ] Assign the new maintainer to the relevant PR review groups based on their area of focus, for example:
- `flatcar-ci`
- `nebraska-maintainers`
- Other repository-specific teams as applicable.
- [ ] If the new maintainer will be involved in release management, add them to the Nebraska read-only (`ro`) or read-write (`rw`) groups in the Nebraska release process as appropriate. See [RELEASES.md](./RELEASES.md) for the full release guide.
### CNCF Registration
- [ ] Add the new maintainer to the [CNCF project maintainers list](https://github.com/cncf/foundation/blob/main/project-maintainers.csv) by opening a pull request against the [cncf/foundation](https://github.com/cncf/foundation/) repository (see [example PR](https://github.com/cncf/foundation/pull/1075)).
- [ ] Ensure the new maintainer has access to CNCF accounts and services used by the project (e.g. CNCF service desk, CNCF Slack).
### Mailing Lists
Add the new maintainer to the following mailing lists:
**Private lists** (maintainer-only):
- [ ] `maintainers@flatcar-linux.org` — maintainer coordination and voting
- [ ] Infra mailing list — infrastructure and operational discussions
- [ ] Security mailing list — undisclosed security issue handling
**Public lists** (community-facing):
- [ ] [Flatcar Users](https://groups.google.com/g/flatcar-linux-user)
### Infrastructure Access
Grant the new maintainer access to the following infrastructure systems (at minimum read/user level; escalate as required by their role):
- [ ] Jenkins (CI)
### Communication and Collaboration Tools
- [ ] Grant access to the shared Flatcar events Google Calendar.
- [ ] Grant access to the Flatcar YouTube channel.
- [ ] Grant access to the [HackMD](https://hackmd.io) workspace used for collaborative documents.
### Linux Foundation
- [ ] Ensure the new maintainer has a Linux Foundation account.
- [ ] Grant access to the Linux Foundation Jira project used for tracking Flatcar work items.
---
## For the New Maintainer
These are steps you should complete yourself after your coordinator has provisioned your access.
### GitHub
- [ ] Accept the invitation to the [flatcar GitHub organisation](https://github.com/flatcar) and the `flatcar-maintainers` team.
- [ ] Review the list of repositories you have been added to and familiarise yourself with their purpose (see [MAINTAINERS.md](./MAINTAINERS.md)).
- [ ] Review the [Governance document](./governance.md) to understand the project's decision-making process, voting, and maintainer responsibilities.
### Calendar and Meetings
- [ ] Add the Flatcar community calendar to your calendar app using the iCal link:
`https://calendar.google.com/calendar/ical/c_ii991mqrpta9en8o7ofd4v19g4%40group.calendar.google.com/public/basic.ics`
- [ ] Alternatively, subscribe via the [Google Calendar link](https://calendar.google.com/calendar/u/0/embed?src=c_ii991mqrpta9en8o7ofd4v19g4@group.calendar.google.com).
- [ ] Attend your first [Flatcar Developer Sync](https://meet.flatcar.org/OfficeHours) — check the community calendar for the current schedule.
- [ ] Attend your first [Flatcar Office Hours](https://meet.flatcar.org/OfficeHours) — check the community calendar for the current schedule.
### Mailing Lists
- [ ] Confirm you have been added to the private maintainer, infra, and security mailing lists and that you can send and receive messages.
- [ ] Confirm you have been subscribed to the [Flatcar Users](https://groups.google.com/g/flatcar-linux-user) public mailing list.
### Community Channels
- [ ] Join the Flatcar Discord server: [discord.gg/PMYjFUsJyq](https://discord.gg/PMYjFUsJyq)
- [ ] Join the Flatcar Matrix room: [#flatcar:matrix.org](https://app.element.io/#/room/#flatcar:matrix.org)
- [ ] Join the [#flatcar channel](https://kubernetes.slack.com/archives/C03GQ8B5XNJ) in the Kubernetes Slack workspace.
### Infrastructure and Tooling
- [ ] Verify your access to Jenkins
- [ ] Log in to HackMD and confirm access to shared Flatcar documents.
- [ ] Log in to the Linux Foundation Jira and confirm access to the Flatcar project board.
- [ ] Verify CNCF account access.
### Knowledge Sharing
- [ ] Schedule onboarding knowledge-sharing sessions with existing maintainers to cover key areas of the project. Suggested topics include:
- Overview of the Flatcar build system and SDK
- CI/CD pipeline and infrastructure
- Release management process (see [RELEASES.md](./RELEASES.md))
- Security response process
- Governance and decision-making
- [ ] Read through the [Flatcar developer guides](https://www.flatcar.org/docs/latest/reference/developer-guides/) and the [SDK how-to](https://www.flatcar.org/docs/latest/reference/developer-guides/sdk-modifying-flatcar/).
- [ ] Review the [CONTRIBUTING.md](./CONTRIBUTING.md) guide.
- [ ] Review the [SECURITY.md](./SECURITY.md) policy.
- [ ] Review the [CODE_OF_CONDUCT.md](./CODE_OF_CONDUCT.md).
---
## Questions and Support
If you have any questions during onboarding, please reach out to the maintainer team via:
- Discord: [discord.gg/PMYjFUsJyq](https://discord.gg/PMYjFUsJyq)
- Matrix: [#flatcar:matrix.org](https://app.element.io/#/room/#flatcar:matrix.org)
- Slack: [#flatcar](https://kubernetes.slack.com/archives/C03GQ8B5XNJ) in the Kubernetes Slack org
- Private maintainer mailing list: `maintainers@flatcar-linux.org`
================================================
FILE: README.md
================================================
[](https://www.flatcar.org/)
[](https://discord.gg/PMYjFUsJyq)
[](https://app.element.io/#/room/#flatcar:matrix.org)
[](https://kubernetes.slack.com/archives/C03GQ8B5XNJ)
[](https://x.com/flatcar)
[](https://hachyderm.io/@flatcar)
[](https://bsky.app/profile/flatcar.org)
[](https://www.bestpractices.dev/projects/10926)
> **Note:** To file an issue for any Flatcar repository, please use the [central Flatcar issue tracker](https://github.com/flatcar/Flatcar/issues).
# Flatcar Container Linux
Welcome to the Flatcar community! Whether you're a user, contributor, or just curious — we're glad you're here! 👋
_Flatcar Container Linux is a fully open source, minimal-footprint, secure by default and always up-to-date Linux distribution for running containers at scale._
Flatcar ships only the essentials needed to run containers — no package manager, no configuration drift. Its immutable, read-only filesystem minimizes attack surfaces, and atomic, automated updates keep your system secure and up-to-date without manual intervention.
Don't forget to check out [flatcar.org](https://www.flatcar.org/) for documentation, guides, and other useful resources!
## Table of Contents
- [Flatcar Container Linux](#flatcar-container-linux)
- [Table of Contents](#table-of-contents)
- [Install and Operate Flatcar](#install-and-operate-flatcar)
- [Communication Channels](#communication-channels)
- [Social Media](#social-media)
- [Community Meetings](#community-meetings)
- [Office Hours](#office-hours)
- [Developer Syncs](#developer-syncs)
- [Report Bugs and Request Features](#report-bugs-and-request-features)
- [Participate and Contribute](#participate-and-contribute)
- [Becoming a Maintainer](#becoming-a-maintainer)
- [Project Status and Roadmap](#project-status-and-roadmap)
- [Release Process](#release-process)
- [LTS](#lts)
- [Project Governance](#project-governance)
- [Code of Conduct](#code-of-conduct)
- [Reference](#reference)
---
## Install and Operate Flatcar
Flatcar Container Linux has a dedicated [documentation site](https://www.flatcar.org/docs/latest/). Start here:
- [Getting Started](https://www.flatcar.org/docs/latest/installing/) — covers Ignition, local testing with QEMU, automatic updates, and cloud providers
| Resource | Link |
| --------------------------- | -------------------------------------------------------- |
| **Current Releases** | [flatcar.org/releases](https://www.flatcar.org/releases) |
| **Interoperability Matrix** | [interop-matrix.md](interop-matrix.md) |
| **CIS Benchmarks** | [CIS reports](CIS/README.md) |
---
## Communication Channels
We're a friendly bunch and always excited to chat! Here's where you can find us:
| Channel | Link |
| ------------------------ | -------------------------------------------------------------------------------------------------------------- |
| **Discord** (preferred) | [discord.gg/PMYjFUsJyq](https://discord.gg/PMYjFUsJyq) — text, voice & video with contributors and maintainers |
| **Matrix** | [#flatcar:matrix.org](https://app.element.io/#/room/#flatcar:matrix.org) |
| **Slack** | [#flatcar](https://kubernetes.slack.com/archives/C03GQ8B5XNJ) (Kubernetes Slack) |
| **GitHub Discussions** | [flatcar/Flatcar/discussions](https://github.com/flatcar/Flatcar/discussions) |
| **Mailing List (Users)** | [flatcar-linux-user](https://groups.google.com/g/flatcar-linux-user) |
> 💡 Want to report a bug or request a feature? [File an issue](https://github.com/flatcar/Flatcar/issues/new/choose). Have a question or not sure where to start? Jump into one of our chats and ask — we're happy to help!
#### Social Media
| Platform | Link |
| ------------ | ------------------------------------------------------ |
| **Mastodon** | [@flatcar@hachyderm.io](https://hachyderm.io/@flatcar) |
| **Bluesky** | [@flatcar.org](https://bsky.app/profile/flatcar.org) |
| **X** | [@flatcar](https://x.com/flatcar) |
### Community Meetings
Come say hi! Check our [Google Calendar](https://calendar.google.com/calendar/u/0/embed?src=c_ii991mqrpta9en8o7ofd4v19g4@group.calendar.google.com) ([iCal](https://calendar.google.com/calendar/ical/c_ii991mqrpta9en8o7ofd4v19g4%40group.calendar.google.com/public/basic.ics)) for all meeting times.
#### Office Hours
| | |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| **When** | 2nd Wednesday of every month at 2:30pm UTC (double check calendar) |
| **Where** | [meet.flatcar.org/OfficeHours](https://meet.flatcar.org/OfficeHours) (all you need is a browser, no installations/accounts required) |
| **Agenda** | [Office Hours Discussions](https://github.com/flatcar/Flatcar/discussions/categories/flatcar-office-hours) |
Engage with the Flatcar community, learn about project directions, discuss contributions, and catch occasional demos of image-based Linux technologies. Each call includes a brief Release Planning update.
#### Developer Syncs
| | |
| ---------- | ------------------------------------------------------------------------------------------------------------------------------------ |
| **When** | 4th Wednesday of every month at 2:30pm UTC (check calendar) |
| **Where** | [meet.flatcar.org/OfficeHours](https://meet.flatcar.org/OfficeHours) (all you need is a browser, no installations/accounts required) |
| **Agenda** | [Developer Sync Discussions](https://github.com/flatcar/Flatcar/discussions/categories/flatcar-developer-sync) |
Backlog grooming, task planning, roadmap discussions, and day-to-day issues. If you want to get hands-on with development, this is the call for you!
> 🎥 All meetings are live-streamed on YouTube — recordings are linked in each meeting's agenda.
---
## Report Bugs and Request Features
Found a bug or have a feature request? [File an issue](https://github.com/flatcar/Flatcar/issues/new/choose) — please select the appropriate issue type to help us triage.
> 💡 **Tip:** Want a new package in the base image? Use the "New Package Request" issue type and check out the [package addition guidelines](adding-new-packages.md).
---
## Participate and Contribute
Thinking of making a contribution? Engage with the project early — comment on an existing issue or create a new one. Making your intent visible is often the key to getting your work accepted!
For full details, check out our [Contributing Guide](CONTRIBUTING.md) which covers:
| Topic | What you'll find |
| ---------------------- | ------------------------------------------------------------------------------------------------------- |
| **Ways to Contribute** | Code, docs, community, outreach, and more |
| **Finding Issues** | Labels like `good first issue` and `help wanted` |
| **Development Setup** | SDK walkthrough and [developer guides](https://www.flatcar.org/docs/latest/reference/developer-guides/) |
| **PR Lifecycle** | From filing to merge |
| **Commit Guidelines** | Format, style, and best practices |
> 🌟 **New to Flatcar?** Consider building a [Flatcar App](https://github.com/flatcar/Flatcar/issues/2029) — a great hands-on way to learn!
### Becoming a Maintainer
The Flatcar maintainer path is laid out in our [governance document](governance.md).
---
## Project Status and Roadmap
| Board | Description |
| ------------------------------------------------------------------------ | ---------------------------------------------------------- |
| [**Issue Tracker**](https://github.com/flatcar/Flatcar/issues) | Short-term concerns — bugs and minor enhancements |
| [**Tactical Board**](https://github.com/orgs/flatcar/projects/7/views/1) | What maintainers and contributors are currently working on |
| [**Release Board**](https://github.com/orgs/flatcar/projects/7/views/8) | Completed items assigned to upcoming releases |
| [**Releases Tracker**](https://github.com/orgs/flatcar/projects/7/views/24) | Track the status of each release across all channels |
| [**Roadmap Board**](https://github.com/orgs/flatcar/projects/7/views/9) | Epics, major features, and long-term items |
---
## Release Process
Flatcar Container Linux follows an **Alpha → Beta → Stable** release process:
- **New features** and major version upgrades enter Alpha, transition to Beta, then land in Stable.
- **Bug fixes** are released directly to the affected channel (Alpha fixes go to Alpha, Beta to Beta, Stable to Stable).
Within each channel, updates are planned on a **14-day cadence**. Major releases follow a broader rhythm:
| Promotion | Target cadence |
|-----------|----------------|
| New major **Alpha** | Monthly |
| Alpha → **Beta** | Every 2 months |
| Beta → **Stable** | Every 3–4 months |
| New **LTS** | Yearly |
Up-to-date planning status is reflected in our [release planning board](https://github.com/orgs/flatcar/projects/7). For the full release process documentation, see the [Release Guide](RELEASES.md).
### LTS
Some users prefer to avoid frequent version upgrades. The Flatcar **LTS channel** provides a longer support window:
| Detail | Value |
| ---------------------- | ------------------------- |
| **Based on** | A "golden Stable" release |
| **Maintenance period** | 18 months |
| **New LTS frequency** | Every 12 months |
| **Upgrade window** | 6 months overlap |
---
## Project Governance
Flatcar is a community-driven project. Every participant — bug reporter, feature requester, code contributor — is considered a contributor. Maintainers have commit access and help govern the project, driving it forward and maintaining its scope and vision.
For full details see our [governance document](governance.md).
| Resource | Link |
| ------------------- | -------------------------------- |
| **Governance** | [governance.md](governance.md) |
| **Maintainers** | [MAINTAINERS.md](MAINTAINERS.md) |
| **Security Policy** | [SECURITY.md](SECURITY.md) |
---
## Code of Conduct
We follow the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).
Please contact the [private Maintainer mailing list](mailto:maintainers@flatcar-linux.org) or the Linux Foundation mediator, Mishi Choudhary ([mishi@linux.com](mailto:mishi@linux.com)), to report an issue.
---
## Reference
| Document | Description |
| -------------------------------------------------- | -------------------------------------------------------------------------------------- |
| [CONTRIBUTING.md](CONTRIBUTING.md) | How to contribute — finding issues, development setup, PR lifecycle, commit guidelines |
| [RELEASES.md](RELEASES.md) | Release channels, downloads, and the release process |
| [governance.md](governance.md) | Project governance model, maintainer roles, and decision-making |
| [MAINTAINERS.md](MAINTAINERS.md) | Current list of project maintainers |
| [EMERITUS_MAINTAINERS.md](EMERITUS_MAINTAINERS.md) | Former maintainers who have stepped down |
| [ONBOARDING.md](ONBOARDING.md) | Checklist for onboarding new maintainers |
| [SECURITY.md](SECURITY.md) | Security policy and vulnerability reporting |
| [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) | CNCF Code of Conduct |
| [adding-new-packages.md](adding-new-packages.md) | Guidelines for requesting and adding new packages to Flatcar |
| [interop-matrix.md](interop-matrix.md) | Platform and provider interoperability matrix |
| [CODEOWNERS](CODEOWNERS) | Code ownership and review assignments |
| [LICENSE](LICENSE) | Project license (Apache 2.0) |
================================================
FILE: RELEASES.md
================================================
# Flatcar Releases
Flatcar Container Linux uses **automatic, atomic updates** to keep your system secure and up-to-date without manual intervention. Each Flatcar instance receives updates from one of four release channels:
- **Alpha** — the bleeding edge. New features, major version upgrades, and experimental changes land here first. Expect frequent updates and occasional rough edges.
- **Beta** — a stabilization step. Changes that have proven themselves in Alpha are promoted here for broader testing before reaching production.
- **Stable** — the default and recommended channel for production workloads. Only thoroughly tested releases make it here.
- **LTS** — the gold standard for stability. An LTS release is cut from a battle-tested Stable version that has proven itself exceptionally reliable across the community. It receives only critical security and bug fix updates for **18 months**, with a new LTS published every 12 months and a 6-month overlap between consecutive LTS releases so you have plenty of time to upgrade. Ideal for environments where predictability and minimal change are paramount.
Each channel always points to its latest version as the `current` release. Every release has its own version number and dedicated release notes. Bug fixes are shipped directly to the affected channel — an Alpha fix goes to Alpha, a Beta fix to Beta, a Stable fix to Stable, and an LTS fix to LTS.
Within each channel, updates are planned on a **14-day cadence**. Major releases follow a broader rhythm:
| Promotion | Target cadence |
|-----------|----------------|
| New major **Alpha** | Monthly |
| Alpha → **Beta** | Every 2 months |
| Beta → **Stable** | Every 3–4 months |
| New **LTS** | Yearly |
You can learn more about switching between channels and configuring update behavior in the [channel docs](https://www.flatcar.org/docs/latest/setup/releases/switching-channels/).
## Download Images
Browse all available releases at [flatcar.org/releases](https://www.flatcar.org/releases/). Click `amd64` or `arm64` on the channel overview to download images for the `current` release, or navigate to a specific version's release notes to grab that particular build. You'll be able to choose from images for many platforms and cloud providers. The [installation docs](https://www.flatcar.org/docs/latest/installing/) have a quick start guide and information about public images directly available at each cloud provider.
## Track Releases
| Resource | Link |
|----------|------|
| **Releases Tracker** | [Project board](https://github.com/orgs/flatcar/projects/7/views/24) — status of each release across all channels |
| **Release issues** | [kind/release](https://github.com/flatcar/Flatcar/issues?q=is%3Aissue+state%3Aopen+label%3Akind%2Frelease) — upcoming and in-progress releases that populate the tracker |
## Release Process
For the full release process documentation — how releases are built, tested, signed, and published — see the [Release Guide](https://www.flatcar.org/docs/latest/reference/developer-guides/release-guide/) on the Flatcar documentation site.
Have questions about releases or updates? Join one of our [chats or community calls](https://github.com/flatcar/Flatcar/blob/main/README.md#communication-channels) — we're always happy to help!
================================================
FILE: SECURITY.md
================================================
# Flatcar Security
To keep Flatcar secure, the maintainers put a strong focus on tracking new and existing security issues.
Dealing with Security concerns is owned by the [Flatcar Security team](https://github.com/orgs/flatcar/teams/flatcar-security-team), a subset of the Maintainers team, and elected by the Maintainers (see [governance.md](./governance.md)).
While the team actively researches and tracks new and existing security issues, it may also be notified of issues via [security@flatcar-linux.org](mailto:security@flatcar-linux.org).
The Security team meets on a fortnightly cadence, in a private video call.
The team maintains an internal list of security Primaries and Secondaries, which are rotated on a weekly basis.
The Primary and Secondary are expected to actively engage in security work each day, including executing the Runbook (see below) and working on fixing ongoing security issues.
Undisclosed security issues are tracked in a private repository only accessible by members of the security team.
Public issues are tracked publicly in the project's main issue tracker.
Security issues are addressed by releasing an updated OS image. Releases may be expedited depending on the issues' severity. For each release, release notes contain a concise list of security issues fixed. Also, a separate, detailed report on each of the issues addressed is part of every release.
## Daily security runbook for Security team primaries and secondaries
The runbook below discusses steps for identifying new potential security issues and for making the issues known to the Flatcar project's maintainers and/or the other members of the Security team.
Primaries are expected to execute the runbook at least once per day, optionally assisted or off-loaded by Secondaries.
Every day look into upstream security trackers like below:
- Gentoo security vulnerabilities. It might be useful to use gorss + RSS feed for this.
- oss-security mailing list
- Golang announce mailing list
- Rust security announcements
- (optional) issue trackers of other distros
- Whenever we discover any new CVE, we add it to an internal database, and use automation tools to create a new issue about the CVE in [Flatcar GitHub issues](https://github.com/Flatcar/Flatcar/issues) with labels `security` and `advisory`.
- If an issue for updating the specific package affected by the new CVE is already open in [Flatcar GitHub issues](https://github.com/Flatcar/Flatcar/issues), then unfortunately we need to manually edit the existing issue to add the new CVE.
================================================
FILE: adding-new-packages.md
================================================
# Proposing new packages for inclusion into Flatcar Container Linux
Flatcar Container Linux is a modern Linux distribution for running container workloads.
To stay modern, the packages included need to be kept up-to-date, and sometimes new packages introduced.
This documents explains the process for the latter.
## Project definition
When proposing new packages for inclusion into Flatcar Container Linux, it's important to keep in mind how the project defines itself:
_Flatcar Container Linux is a fully open source, minimal-footprint, secure by default and always up-to-date Linux distribution for running containers at scale._
## New package criteria
As a minimal Linux distribution, the tools and applications included in Flatcar Container Linux are to be kept to a minimum.
This is to reduce both the image size and attack surface.
Package addition requests are evaluated with this in mind.
Other criteria that are weighed are the following.
- ***Secure by default***: Does the package increase the security of Flatcar?
- ***Always up-to-date***: Is the package actively maintained?
- ***Running containers***: Does the package make Flatcar more relevant for container environments?
- ***At scale***: Does the package improve automation of or telemetry served by Flatcar and/or ease operational burden?
## How to propose a package for inclusion
In order to propose a new package for inclusion, [open an issue using the "New Package Request" template](https://github.com/flatcar/Flatcar/issues/new?assignees=&labels=kind%2Fnew-package&template=new-package-request.md&title=New+Package+Request%3A+%5Bpackage-name%5D).
================================================
FILE: attic/community-meetings/2021-05-11.md
================================================
# Flatcar community call Tuesday, 11th of May, 17:30 CEST
- [Slide deck](2021-05-11-slides.pdf)
- Youtube recording: [https://youtu.be/YBfq2fcjp8E](https://youtu.be/YBfq2fcjp8E)
# Call Agenda
## Welcome
- Introduction to the new community meetings
- Meet the team
- Review agenda
- Introduction: Brief intro of the team and community members participating in the call
## Flatcar Interoperability
Review of our work on interoperability and how we plan to track/report
## Upcoming releases
We give a brief overview of upcoming releases and the features included.
## Spotlight: CAPI
Details on our ClusterAPI work so far and future plans
## Community Q&A
Open Q&A / discussion
# Call Minutes
The meeting largely followed the [slide deck](2021-05-11-slides.pdf). After the presentation, community participants raised a total of 3 questions.
1. The Flatcar team, Thilo, Sayan, Marga, Dongsu, Mathieu, Andy, Kai, and Iago introduce themselves.
2. Andy briefly addresses the future of Flatcar following Kinvolk's acquisition by Microsoft.
- “[...] we want to assure the Flatcar community that Microsoft and the Kinvolk team will continue to collaborate with the larger Flatcar community on the evolution of Flatcar Container Linux.” - Brendan Burns, Microsoft
- “This will not be a replay of the movie you’ve seen before. In fact, we and Microsoft are committed to doubling down on the Flatcar community: we want to expand the universe of partners, contributors, and users, to ensure a vibrant, successful and sustainable long-term future for Flatcar as a truly open, community-driven project.” - Chris Kühl, Kinvolk
3. Thilo introduces monthly community calls and the new community focus of the Flatcar project, overcoming and leaving behind its single vendor past.
4. Marga introduces the [interop matrix](../interop-matrix.md) as a means to track Flatcar's support of runtime environments (clouds, on premise, etc.).
- Some environments, while supported, do not currently have an owner.
- The project aims to have community owners who operate workloads / clusters in the respective environments, in the long term.
5. Andy elaborates on Flatcar's core philosophy and shares details on stabilisation process and on release cadence.
- Alpha introduces new major versions, which then transition to Beta and Stable. Not every Alpha is promoted to Beta, not every Beta becomes Stable.
- Frequent Alpha releases, every 2 weeks on average.
- Beta release for (typically) every second Alpha, with patch releases in between.
- Stable releases roughly every 2 months.
- "golden" Stable to become LTS once a year.
6. Sayan summarises the last round of releases, and provides an outlook of upcoming releases.
- April 28th round shipped new major Alpha (2857.0.0) and Beta (2823.1.0) versions, and patch level updates to Stable (2765.2.3) and to LTS (2605.15.1).
- Alpha release removes `rkt` and `kubelet-wrapper`. The changes will transition to Beta in June, and to Stable in July.
- Upcoming May 19th releases will ship a new major Alpha (2879.0.0) and patch level updates to Beta, Stable, and LTS.
7. Dongsu provide an overview of ClusterAPI, and elaborates on our work to add Flatcar support to CAPI.
- CAPI utilises a management cluster to deploy workload clusters on a variety of inrastructure providers.
- Adding OS support for providers requires a separate implementation for each; there is no unified standard for OS config.
- OS images are provided via the ClusterAPI Image Builder project.
- Workload clusters are provisioned via the ClusterAPI Bootstrap provider.
- Current Flatcar status:
- QEmu and AWS OS images supported for Flatcar in Image builder.
- Bootstrap (kubeadm) Ignition support added to enable Flatcar OS config.
- AWS provider Ignition support added to enable Flatcar OS config.
- Future plans:
- support other cloud providers (Metal3, Azure, vSphere, Tinkerbell, Equinix Metal)
8. Thilo shares call for action to the community to join the project
## Q&A
- Q: **What's the relationship between ClusterAPI and Lokomotive?**
- Iago: Currently, no direct relation. We plan to investigate using parts of CAPI in the future, e.g. provisioning, but we do not plan to support the full-blown management / workload clusters pattern at this time.
- Q: **here seems to be a lack of bare metal deployments / supported platforms in the compatibility matrix - is this intentional? Do we exepct Flatcar to "just work" since it's using Linux? Is there potential to add bare metal platforms (we use / plan to use Flatcar primarily on bare metal)?**
- Thilo: It's Linux, as long as it PXE boots, you should be fine.
- Andy: Are we discussing a hardware compatibility list?
- Jannik: Not quite, however since we'll be running on bare metal we'll also test our bare metal. We're willing to support the community for our use cases.
- Vincent: Currently, if you run into issues it's best to just open a ticket. If you'd like to expose your work to the community (test results etc.) you're of course welcome to do so!
- Kai: We cover bare metal PXE boot / ignition config implicitly by our Equinix Metal workloads / CI / release tests. Lokomotive also maintains a bare metal CI test which covers PXE boots and deployments.
- Marga: It's a good point that our interop matrix currently does not discuss hardware support at all. For instance, it's tribal knowledge that Flatcar boots on Rasperry Pi (with some tweaks), but that's not documented anywhere.
- Andy: This might be something we should involve the larger community with, e.g. establishing a hardware interop list for users' existing deployments. Individual users then could volunteer to keep that list up to date for new releases since they'd be testing the release on their hardware anyway.
- Jannik: We could use the hardware interop doc to also share tweaks / notes for specific environments more easily.
- Q: **Can you talk about ARM64 support? There's Alpha support, but what's the path to Beta and Stable?**
- Thilo: It's work in progress, we staffed / resourced this concern very recently. Some plumbing level and package upgrades are necessary to make things work for Stable, these are being worked on as we speak.
- Kai: A number of system components' tests are currently failing. We're also interested in hardware enablement, i.e. getting feedback on our ARM64 kernel config / modules on different ARM64 platforms. Other than that, it's about ensuring our release tests pass.
- Thilo: We need to discuss this in terms of support levels - you could go ahead and use Alpha ARM64 support today, there are no deal breakers we know of - it will support your workload.
It just won't support the entire range of Flatcar features, and some boot-up units might fail (SELinux in particular).
We're working on bringing up these components on ARM64.
================================================
FILE: attic/community-meetings/2021-06-08.md
================================================
# Flatcar community call Tuesday, 8th of June, 17:30 CEST
- [Slide deck](2021-06-08-slides.pdf)
- Youtube recording: [https://www.youtube.com/watch?v=cZ4o-ZD6r10&t=235s](https://www.youtube.com/watch?v=cZ4o-ZD6r10&t=235s)
## Welcome
- Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
- Review the meeting agenda.
## Spotlight: Nebraska update server
- Brief presentation of Flatcar’s open source update server.
## Spotlight: Nightlies, Tests, and Releases
- Brief presentation of Flatcar’s test and releases process.
## Status update: ARM64
- What’s done, what’s missing, and how to help.
## Releases review & planning
- We share details of the May 19th release, some bumps encountered.
- We plan the next releases, including new features, bug fixes, and related PRs.
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
# Call Minutes
As usual, the meeting minutes will be added here after the call.
[tbd.]
## Q&A
No questions this time.
================================================
FILE: attic/community-meetings/2021-07-13.md
================================================
# Agenda for the Flatcar community call on Tuesday, 13th of July, 17:30 CEST
## Links for participants
- [Slide deck](2021-07-13-slides.pdf)
- Youtube live stream link (for passively watching): [http://www.youtube.com/watch?v=jcwH4ZTrXnk](http://www.youtube.com/watch?v=jcwH4ZTrXnk)
## Welcome
- Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
- Review the meeting agenda.
## Spotlight: Flatcar Release Process
- We will be talking about the Flatcar Release Process and Planning.
## Status update: ARM64
- List of release tests that fail
- Deep dive into selected test failures
## NEW: Release planning
- Introducing our public release planning board
- Items to be in the release of the week of July 21st
- Community input wanted for upcoming releases!
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
# Call Minutes
1. Sayan introduces agenda for today:
- Flatcar releases
- Arm updates
- Flatcar release planning
- QA
2. Flatcar team introduce themselves: Sayan, Jeremi, Kai, Marga, William, Danielle (program manager for ARM support for Flatcar)
3. Kai talks about Flatcar Release Process
- In contrast to regular distros, releases are not just bi-yearly but more frequent
- Update granularity is whole image, not single packages
- Releases are based on package updates, open PRs that are ready, and critical security fixes
- Build is performed on private Jenkins instance, from scratch
- Flatcar test suite runs on PRs
- Big test run right before a release may uncover issues not found during development
- Each release is signed and gets uploaded to our website and all supported cloud providers
- Release planning happens every two weeks: review pending PRs and see if they can be fast tracked into the release
- Release planning board has been made public today (https://github.com/orgs/kinvolk/projects/15) 😊 Community input is welcome!
- Build/Test:
- New SDK is produced on alpha release
- Update signature is always cryptographically verified
- Nightlies: packages from nightly builds can be consumed by SDK
- Planned improvements to the CI process
- Setting up a community accessible CI system (Concourse maybe)
- Setting up automatic CI for PRs
- Making release scripts independent of Jenkins and making it possible to build releases on dev machines
4. William talks about state of ARM64:
- William lists failing test cases
- A lot of test cases seem to be failing due to similar root causes, we hope the community can help investigate
- Ongoing work in the ARM64 stream:
- Polkit depends on spidermonkey, but spidermonkey is complex for cross-compilation and ARM64
- We are going to replace spidermonkey with duktape like others in open source community have done
- Help welcome! Find us on Matrix/IRC "wrl"
5. Sayan talks about recent releases:
- Alpha 2920.0.0, Beta 2905.1.0
- There will be monthly community call for release planning and a smaller bi-weekly to check progress
- Sayan introduces the planning board (https://github.com/orgs/kinvolk/projects/15)
- Columns for planned/in-progress/ready-for-review and items-completed for the closest update of alpha (and bumps of the other release channels).
## Q&A
* Q (Adam): migrated from CoreOS to Flatcar for hosting bioinformatics workloads on Kubernetes. Hitting limits on ignition file sizes on AWS (16K), wondering about possibility of using compression to buy some more time (ignition v3). Is ignition the right thing to use, plans for upgrade (flatcar is currently on v2)?
* A (Kai): Probably will upgrade to v3 at some point, but keep v2 support unlike upstream. For the AWS issue, recommend fetching bigger ignition payloads from S3, is secured by IAM.
* Q (Adam): what's the practical difference between cloud-config vs. Ignition. If cloud-config works for us, should we still migrate?
* A (Kai): differences: ignition runs during initramfs, before systemd from rootfs starts, allowing more customization and potentially sparing users from a reboot. Also ignition runs once and not on every boot. Coreos-cloudconfig is an independent Go implementation of the Python cloudconfig found in Ubuntu. It’s not actively developed but will stick around.
================================================
FILE: attic/community-meetings/2021-07-26.md
================================================
# Agenda for the Flatcar Release Planning call on Monday, 26th of July, 17:30 CEST
## Links for participants
- Call (for actively participating): [https://zoom.us/j/99741357880](https://zoom.us/j/99741357880)
- Youtube live stream link (for passively watching): https://www.youtube.com/watch?v=SM4lfaITzsI
- Release Planning Board: [https://github.com/orgs/kinvolk/projects/15](https://github.com/orgs/kinvolk/projects/15)
## Welcome
- Brief introduction of new participants or attendees
- Status of the previous Flatcar Release
- Planning for the upcoming release for the week of August 2nd.
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
# Call Minutes
As usual, the meeting minutes will be added here after the call.
================================================
FILE: attic/community-meetings/2021-08-10.md
================================================
# Flatcar community call Tuesday, 10th of August, 5:30 pm CEST
- [Slide deck](2021-08-10-slides.pdf)
- Youtube recording: [https://www.youtube.com/watch?v=Hy34rw7kax8](https://www.youtube.com/watch?v=Hy34rw7kax8)
## Welcome
- Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
- Review the meeting agenda.
## News
- New section! We will discuss news and happenings in the Flatcar world, including how the team handled issues recently with Cilium interoperability and an image availability failure.
## Spotlight: Docker 20.10 / cgroups v2 update
- Docker 20 and CGroups v2 (unified mode) are coming to Flatcar Linux! We'll give an overview of the challenges and the implications, as well as discuss the timeline.
## Spotlight community committer: contributing to Flatcar
- What it took Aniruddha to contribute to Flatcar and solve the locksmith reboot issue.
## Status update: ARM64
- What’s done, what’s missing, and how to help.
## Releases review & planning
- Update from our planning for the next releases, including new features, bug fixes, and related PRs.
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
================================================
FILE: attic/community-meetings/2021-08-23.md
================================================
# Agenda for the Flatcar Release Planning call on Monday, August of 23rd, 17:30 CEST
## Links for participants
- Call (for actively participating): [https://us06web.zoom.us/j/85781192057](https://us06web.zoom.us/j/85781192057)
- Youtube live stream link (for passively watching): http://www.youtube.com/watch?v=TfmiNy5020g
- Release Planning Board: [https://github.com/orgs/kinvolk/projects/15](https://github.com/orgs/kinvolk/projects/15)
## Welcome
- Brief introduction of new participants or attendees
- Status of the previous Flatcar Release
- Planning for the upcoming release for the week of August 30th.
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
================================================
FILE: attic/community-meetings/2021-09-14.md
================================================
# Flatcar community call Tuesday, 14th of September, 5:30pm CEST / 9pm IST / 3:30pm GMT / 11:30am EDT / 8:30am PST
- [Slide deck](2021-09-14-slides.pdf)
- Youtube recording: http://www.youtube.com/watch?v=9YxsZYyQrkA
## Welcome
- Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
## News
- We will discuss news and happenings in the Flatcar world, including our move out of the Kinvolk github org / website back into our own, features coming to the Flatcar community release images, and the results of our recent user survey.
## Spotlight: Equinix Metal's use of Flatcar Container Linux
- Andy Holtzmann [@andy-v-h](https://github.com/andy-v-h) gives an introduction on EM's use of Flatcar.
## Status update: ARM64
- Progress made, remaining items, and next steps.
- Ed Vielmetti [@vielmetti](https://github.com/vielmetti) shares information on the "Works on ARM" project at Equinix Metal, inclunding hardware available today and in the near future.
## Releases review & planning (updated section!)
- We'll wrap up changes for the upcoming release (week of September 20) and will plan items we aim to integrate for the release after that (week of October 4th).
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
================================================
FILE: attic/community-meetings/2021-09-28.md
================================================
# Agenda for the Flatcar Release Team call on Tuesday, September 28th, 5:30pm CEST / 9pm IST / 3:30pm GMT / 11:30am EDT / 8:30am PST
## Links for participants
* Zoom link: [https://us06web.zoom.us/j/82054240491](https://us06web.zoom.us/j/82054240491)
* Meeting ID: 843 3611 6610
* Passcode: 444888
- Youtube live stream / recording: [https://www.youtube.com/watch?v=XbkHZMJlC8g](https://www.youtube.com/watch?v=XbkHZMJlC8g)
- Release Planning Board: [https://github.com/orgs/flatcar-linux/projects/5](https://github.com/orgs/flatcar-linux/projects/5)
## Welcome
- Brief introduction of new participants or attendees
- Status of the previous Flatcar Release
- Status/Planning for the release for the week of October 4th
- Planning for the release for the week of October 18th
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
================================================
FILE: attic/community-meetings/2021-10-19.md
================================================
# Flatcar community call Tuesday, 19th of October, 5:30pm CEST / 9pm IST / 3:30pm GMT / 11:30am EDT / 8:30am PST
- [Slide deck](2021-10-11-slides.pdf)
- Youtube recording: [https://www.youtube.com/watch?v=YP9HnYxepVo](https://www.youtube.com/watch?v=YP9HnYxepVo)
## Welcome
- Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
## News
- We will discuss news and happenings in the Flatcar world.
- We will elaborate on recent issues with our CI infrastructure, and repercussions for people using the SDK or the developer container.
- Today's call won't have a release planning section (there's a dedicated release planning coming up right next week).
- We're participating in [Hacktoberfest](https://hacktoberfest.digitalocean.com/), your contribution to a Flatcar repo will count!
## Spotlight: Flatcar dev mini-projects
- Support for Ignition v3
- Flog, the automated changelog generator
- SDK container
## Status update: ARM64
- Progress made, remaining items, and next steps.
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
================================================
FILE: attic/community-meetings/2021-10-26.md
================================================
# Agenda for the Flatcar Release Team call on Tuesday, October 26th, 5:30pm CEST / 9pm IST / 3:30pm GMT / 11:30am EDT / 8:30am PST
## Links for participants
- Zoom link: [https://us06web.zoom.us/j/82054240491](https://us06web.zoom.us/j/82054240491)
- Meeting ID: 820 5424 0491
- Passcode: 444888
- Youtube live stream / recording: [https://www.youtube.com/watch?v=xh-MkIoZvVw](https://www.youtube.com/watch?v=xh-MkIoZvVw)
- Release Planning Board: [https://github.com/orgs/flatcar-linux/projects/5](https://github.com/orgs/flatcar-linux/projects/5)
## Welcome
- Brief introduction of new participants or attendees
- Status of the previous Flatcar Release
- Status/Planning for the release for the week of November 1st
- Planning for the release for the week of November 15th
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
================================================
FILE: attic/community-meetings/2021-11-09.md
================================================
# Flatcar community call Tuesday, 9th of November, 5:30pm CET / 10pm IST / 4:30pm GMT / 11:30am EST / 8:30am PST
- Zoom link: [https://us06web.zoom.us/j/84336116610](https://us06web.zoom.us/j/84336116610)
- Meeting ID: 843 3611 6610
- Passcode: 444888
- Youtube live stream / recording: https://www.youtube.com/watch?v=5XCgOByOSeQ
- Community Calls calendar (all future calls): [link](https://calendar.google.com/calendar/u/0/embed?src=c_ii991mqrpta9en8o7ofd4v19g4@group.calendar.google.com)
- iCal version: [link](https://calendar.google.com/calendar/ical/c_ii991mqrpta9en8o7ofd4v19g4%40group.calendar.google.com/public/basic.ics)
## Welcome
- Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
## News
- We will discuss news and happenings in the Flatcar world.
- CGroups V2 are coming to stable
- ARM64 goes beta
## Spotlight: Flatcar dev mini-projects
- OpenSSL 3.0 in Alpha-3046.0.0 FIPS provider showcase
- ignition-as-a-service: online ignition transpiler
- Flatcar on Firecracker hack + demo
## Status update: ARM64
- Progress made, next steps, and path to stable.
## Release planning
- Status/Planning for the release for the week of November 15th
- Planning for the release for the week of November 29th
## Q&A
- Questions from community participants, answered by the Flatcar maintainers - e.g. feedback on the new Stable release w/ cgroups v2.
================================================
FILE: attic/community-meetings/2021-11-23.md
================================================
# Agenda for the Flatcar Release Team call on Tuesday, 23rd of November 5:30pm CET / 10pm IST / 4:30pm GMT / 11:30am EST / 8:30am PST
## Links for participants
- Zoom link: [https://us06web.zoom.us/j/82054240491](https://us06web.zoom.us/j/82054240491)
- Meeting ID: 820 5424 0491
- Passcode: 444888
- Youtube live stream / recording: [https://www.youtube.com/watch?v=VUzMuZgFQfY](https://www.youtube.com/watch?v=VUzMuZgFQfY)
- Release Planning Board: [https://github.com/orgs/flatcar-linux/projects/5](https://github.com/orgs/flatcar-linux/projects/5)
## Welcome
- Brief introduction of new participants or attendees
- Status of the previous Flatcar Release
- Status/Planning for the release for the week of November 29th
- Planning for the release for the week of December 13th
## Q&A
- Questions from community participants, answered by the Flatcar maintainers.
================================================
FILE: attic/community-meetings/2021-12-17.md
================================================
# Agenda for the Flatcar community call on Friday, 17th of December 5:30pm CET / 10pm IST / 4:30pm GMT / 11:30am EST / 8:30am PST
- [Slide deck](2021-12-17-slides.pdf)
- Youtube recording: [https://www.youtube.com/watch?v=1YsY9XEtF7Q](https://www.youtube.com/watch?v=1YsY9XEtF7Q)
## Welcome
- Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
## News
- We will discuss news and happenings in the Flatcar world.
- ARM64 goes stable
- Flatcar CAPI support with CAPI release 1.1
## Q&A
- Questions from community participants, answered by the Flatcar maintainers
================================================
FILE: attic/community-meetings/2022-01-11.md
================================================
# Agenda for the Flatcar community call on Tuesday, 11th of January 5:30pm CET / 10pm IST / 4:30pm GMT / 11:30am EST / 8:30am PST
- Zoom link: [https://us06web.zoom.us/j/84336116610](https://us06web.zoom.us/j/84336116610)
- Meeting ID: 843 3611 6610
- Passcode: 444888
- Youtube live stream / recording: [link](https://www.youtube.com/watch?v=X_nqgXLOmLk)
- [Slide deck](2022-01-11-slides.pdf)
- Community Calls calendar (all future calls): [link](https://calendar.google.com/calendar/u/0/embed?src=c_ii991mqrpta9en8o7ofd4v19g4@group.calendar.google.com)
- iCal version: [link](https://calendar.google.com/calendar/ical/c_ii991mqrpta9en8o7ofd4v19g4%40group.calendar.google.com/public/basic.ics)
## Welcome
- Brief intro / check-in of all participants in the Zoom call. Please introduce yourself and share what brings you here today.
## News
- 5.15 Kernel in Alpha
- upcoming FOSDEM devroom talks overview
## Spotlight
- 2021 recap - cgroupsv2, systemd updates, docker 20, ARM64
- Flatcar on Raspberry Pi blog
- Fleetlock (@aniruddha2000, @tormath1 )
## Release planning
- Ongoing and upcoming releases (https://github.com/orgs/flatcar-linux/projects/5)
## Q&A
- Questions from community participants, answered by the Flatcar maintainers
================================================
FILE: attic/community-meetings/README.md
================================================
# Old-style community meeting agendas and presentation slides
Community meeting planning / agendas has moved to [Github discussions](../../../../discussions/categories/community-meeting-agenda)
This section in the attic contains agenda markdown files of "old style" Flatcar community calls where the agenda was agreed on in a PR instead of a github discussion.
Also archived here are slide decks used in these meetings.
================================================
FILE: governance.md
================================================
# Flatcar Project Governance
Flatcar is a community based project, anyone who wants to participate is welcomed.
We adopted the [CNCF code of Conduct](./CODE_OF_CONDUCT.md) as we pledge to be an opening and welcoming community for anyone who want to participate in it.
The project is governed by a flat hierarchy - a group of people sharing a common vision of Flatcar in accordance to its mission statement.
This goverance explains how the project is run.
- [Values](#values)
- [Maintainers](#maintainers)
- [Becoming a Maintainer](#becoming-a-maintainer)
- [Meetings](#meetings)
- [CNCF Resources](#cncf-resources)
- [Code of Conduct Enforcement](#code-of-conduct)
- [Security Response Team](#security-response-team)
- [Voting](#voting)
- [Modifications](#modifying-this-charter)
## Values
The Flatcar project, its leadership, and its maintainers embrace the following values:
* Openness: Communication and decision-making happens in the open and is discoverable for future
reference. As much as possible, all discussions and work take place in public
forums and open repositories.
* Fairness: All stakeholders have the opportunity to provide feedback and submit
contributions, which will be considered on their merits.
* Community over Product or Company: Sustaining and growing our community takes
priority over shipping code or sponsors' organizational goals. Each
contributor participates in the project as an individual.
* Inclusivity: We innovate through different perspectives and skill sets, which
can only be accomplished in a welcoming and respectful environment.
* Participation: Responsibilities within the project are earned through
participation, and there is a clear path up the contributor ladder into leadership
positions.
## Maintainers
Flatcar Maintainers have full access to most of the repositories in the [Flatcar project](https://github.com/orgs/flatcar/), except for very few repositories that contain sensitive information, e.g. for with undisclosed security issues (see [SECURITY.md](./SECURITY.md) for more information).
Maintainers can merge PRs, approve PR builds+tests, and create and publish releases.
Maintainers collectively manage the project's resources, interact with contributors, elect new maintainers, and remove inactive ones.
The current list of maintainers can be found in [MAINTAINERS.md](./MAINTAINERS.md). Most maintainer access privileges are granted via membership of the Flatcar Github organisation's [Flatcar Maintainers team](https://github.com/orgs/flatcar/teams/flatcar-maintainers).
This privilege is granted with some expectation of responsibility: maintainers
are people who care about the Flatcar project and want to help it grow and
improve. A maintainer is not just someone who can make changes, but someone who
has demonstrated their ability to collaborate with the team, get the most
knowledgeable people to review code and docs, contribute high-quality code, and
follow through to fix issues (in code or tests).
A maintainer is a contributor to the project's success and a citizen helping
the project succeed.
The collective team of all Maintainers is known as the Maintainer Council, which
is the governing body for the project.
### Becoming a Maintainer
Maintainers are active community members who are responsible for the overall quality and stewardship of the project, and are expected to remain actively involved in the project and participate in voting and discussing of proposed project level changes.
Anyone with an established track record of contributions to the project can become a maintainer.
The contributions are expected to be substantial, and must demonstrate a commitment to the long-term success of the project.
Maintainership is not limited to engineering / development merits; all contributions - e.g. working with issues, providing guidance and feedback to users, reviewing PRs, contributing to docs, evangelising Flatcar - count.
Becoming a maintainer is about building trust with the current maintainers of the project and being a person that they can depend on to make decisions in the best interest of the project in a consistent manner.
Maintainer candidates should have demonstrated they:
- Collaborate well.
- Have a deep and comprehensive understanding of the Flatcar code base, technical goals, and directions.
- Actively engage with major Flatcar feature proposals and implementations.
The Flatcar project welcomes both development as well as community-focuses contributions.
To gain maintainership, the following is expected:
* commitment to the project's continued success:
* participate in discussions, contributions, code and documentation reviews for 6 months or more,
* actively evangelise Flatcar in at least 20 talks/presentations at 10 different conferences or meetups
* organise and chair at least 15 maintainer events, e.g. bug fixing or doc writing days, with at least 5 maintainers participating each event
* Contribute to the project's development
* perform reviews for 30 non-trivial pull requests,
* contribute 10 non-trivial pull requests and have them merged,
* ability to write quality code and/or documentation,
* ability to collaborate with the team,
* demonstrated understanding of how the team works (policies, processes for testing and code review, etc),
* understanding of the project's code base and coding and / or documentation style.
Periodically, the existing maintainers curate a list of contributors that have shown regular activity on the project over the prior months.
The nominating maintainer will create a PR to update the Maintainers List.
It is recommended to describe the reasons for the nomination and the contribution of the nominee in the PR.
Upon consensus of incumbent maintainers, the PR will be approved and the new maintainer becomes active.
Maintainers who are selected will be granted the necessary GitHub rights.
### Removing a Maintainer
Life priorities, interests, and passions can change.
If you're a maintainer but feel you must remove yourself from the list, inform other maintainers that you intend to step down, and if possible, help find someone to pick up your work.
At the very least, ensure your work can be continued where you left off.
After you've informed other maintainers, create a pull request to remove yourself from the [MAINTAINERS](MAINTAINERS.md) file.
If applicable, include a change to [EMERITUS_MAINTAINERS](EMERITUS_MAINTAINERS.md) to add yourself to the list of emeritus maintainers.
This will ease your return to active maintainership in the future.
Maintainers may also be removed after being inactive, failure to fulfill their
Maintainer responsibilities, violating the Code of Conduct, or other reasons.
Inactivity is defined as a period of very low or no activity in the project
for a year or more, with no definite schedule to return to full Maintainer
activity.
A Maintainer may be removed at any time by a 2/3 vote of the remaining maintainers.
Depending on the reason for removal, a Maintainer may be converted to Emeritus
status. Emeritus Maintainers will still be consulted on some project matters,
and can be rapidly returned to Maintainer status if their availability changes.
## Meetings
Time zones permitting, Maintainers are expected to participate in the Flatcar Developer Syncs meeting every 4th Wednesday of a month.
The meeting time observes the Universal Coordinated time. It occurs at 2:30pm UTC.
Depending on your local timezone, the slot might be subject to summer time changes.
* During daylight saving time, the meeting occurs at 8pm IST (IST does not observe daylight saving time) / 4:30pm CEST / 10:30am EDT / 7:30am PST.
* Outside of daylight saving time, the meeting occurs at 8pm IST / 3:30pm CET / 9:30am EST / 6:30am PST.
A calendar is available to ease planning. The calendar contains Developer syncs, project office hours, and one-off events like bug fixing or doc writing days.
* Google calendar link: https://calendar.google.com/calendar/u/0/embed?src=c_ii991mqrpta9en8o7ofd4v19g4@group.calendar.google.com
* iCal link (for importing): https://calendar.google.com/calendar/ical/c_ii991mqrpta9en8o7ofd4v19g4%40group.calendar.google.com/public/basic.ics
Maintainers will also have closed meetings in order to discuss security reports
or Code of Conduct violations. Such meetings should be scheduled by any
Maintainer on receipt of a security issue or CoC report. All current Maintainers
must be invited to such closed meetings, except for any Maintainer who is
accused of a CoC violation.
## CNCF Resources
Any Maintainer may suggest a request for CNCF resources during a
meeting. A simple majority of Maintainers approves the request. The Maintainers
may also choose to delegate working with the CNCF to non-Maintainer community
members, who will then be added to the [CNCF's Maintainer List](https://github.com/cncf/foundation/blob/main/project-maintainers.csv)
for that purpose.
## Code of Conduct
[Code of Conduct](./code-of-conduct.md)
violations by community members will be discussed and resolved
on the [private Maintainer mailing list](maintainers@flatcar-linux.org). If a Maintainer is directly involved
in the report, the Maintainers will instead designate two Maintainers to work
with the CNCF Code of Conduct Committee in resolving it.
## Security Response Team
The Maintainers will appoint a Security Response Team to handle security reports.
This committee is a sub-set of the Maintainer Council with full access to undisclosed security issues tracked by the project.
Members of the Security Response team as well as respective access permissions to sensitive data are administrated via membership in the [Flatcar Github organisation's Security team](https://github.com/orgs/flatcar/teams/flatcar-security-team).
The Maintainers will review who is assigned to this at least once a year.
The Security Response Team is responsible for handling all reports of security
issues and breaches according to the [security policy](./SECURITY.md).
## Voting
While most business in Flatcar is conducted by "[lazy consensus](https://community.apache.org/committers/lazyConsensus.html)",
periodically the Maintainers may need to vote on specific actions or changes.
A vote can be taken on
[the private Maintainer mailing list](maintainers@flatcar-linux.org) for security or conduct matters.
Votes may also be taken at [Flatcar Developer Syncs meetings](https://meet.flatcar.org/OfficeHours). Any Maintainer may
demand a vote be taken.
Most votes require a simple majority of all Maintainers to succeed, except where
otherwise noted. Two-thirds majority votes mean at least two-thirds of all
existing maintainers.
## Modifying this Charter
Changes to this Governance and its supporting documents may be approved by
a 2/3 vote of the Maintainers.
================================================
FILE: interop-matrix.md
================================================
# Flatcar inter-operation matrix
This document tracks Flatcar inter-operability across environments.
Ownership of an item implies ensuring test coverage in release tests of official Flatcar releases (L2 and above) as well as handling bugs and feature requests that affect the respective environment specifically.
Please propose ownership by filing a PR for this document.
## Public cloud (machines)
| Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
|-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
| EC2 | Partial | X | X | @flatcar/flatcar-maintainers | | IAM 2.0 support missing |
| Azure | X | X | X | @flatcar/flatcar-maintainers | | |
| GCE | X | X | X | @flatcar/flatcar-maintainers | | |
| Digital Ocean (VMs) | X | X | X | @flatcar/flatcar-maintainers | | |
| Equinix Metal | X | X | X | @flatcar/flatcar-maintainers | | |
| ESXi / vSphere | X | X | X | @flatcar/flatcar-maintainers | | |
| Hetzner Cloud | | X | | [no owner] | | |
| Vultr VPS | | X | | [no owner] | | |
| Cloudscale | | X | | [no owner] | | |
| Oracle Cloud | | X | | [no owner] | | Bring-your-own-image on OCI VMs; install via Ubuntu on OCI bare metal |
| Tencent | | | | [no owner] | | |
| AliCloud | | | | [no owner] | | |
| Yandex | | | | [no owner] | | |
| Brightbox | X | X | X | @flatcar/flatcar-maintainers | | |
## Private Cloud (machines)
| Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
|-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
| Azure Stack | | w/ caveat | | [no owner] | | controller node not supported on Flatcar (cloud-init feature missing) |
| Tinkerbell | | X | | [no owner] | | |
| Rancher (VMs) | | X | | [no owner] | | |
| QEmu / KVM backed | X | X | X | @flatcar/flatcar-maintainers | | |
| OpenStack | X | X | X | @flatcar/flatcar-maintainers | | |
| VirtualBox | | X | | [no owner] | | |
| Vagrant | | X | | [no owner] | | Isn't this plain qemu/kvm? |
## Managed Kubernetes
| Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
|-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
| EKS | | X | | [no owner] | | |
| GiantSwarm | | X | | Provider | | |
## Cluster API
| Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
|-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
| CAPB | X | X | X (upstream) | Upstream | | Covered by CAPB release tests |
| CAPA | X | X | X (upstream) | Upstream | | Covered by CAPA release tests |
| CAPA EKS | | | | [no owner] | | |
| CAPZ | | w/ caveat | | @flatcar/flatcar-maintainers | | WIP Prototype |
| CAPV | | [no owner] | | | |
| CAPM3 | | [no owner] | | | |
| CAPG | | [no owner] | | | |
| CAPO | | X | X (upstream) | Upstream | | |
## Kubernetes Distros
| Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
|-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
| AKS Engine | | X | | [no owner] | | https://kinvolk.io/blog/2020/12/supercharging-aks-engine-with-flatcar-container-linux/ |
| Rancher (rke) | | X | | [no owner] | | |
| Rancher (rke2) | | | | [no owner] | | |
| Lokomotive | X | X | X | @kinvolk/lokomotive-developers | | |
| Tanzu KG | | X | | [no owner] | | |
| K3s | | X | | [no owner] | | |
| EKS-Distro | | X | | [no owner] | | |
| KOPS | | X | | upstream | | |
| Kubematic | | X | | [no owner] | | |
| Gardener | | X | | [no owner] | | |
## Other
Please add below what does not fit into any of the categories above.
| Environment | Full-Feature (release blocker) | Works | Tested (CI) | Owner | Reference (e.g. GH issue) | Notes |
|-------------|--------------------------------|-------|-------------|-------|---------------------------|-------|
| | | | | | | |
================================================
FILE: sync-maintainers/README
================================================
A personal access token with public_repo scope is needed.
Usage:
```
python3 -m venv venv
. venv/bin/activate
pip install -r requirements.txt
./sync-maintainers.py list
./sync-maintainers.py repo --repo=REPONAME
GITHUB_TOKEN=... ./sync-maintainers github --repo=REPONAME
```
================================================
FILE: sync-maintainers/requirements.txt
================================================
requests
black
================================================
FILE: sync-maintainers/sync-maintainers.py
================================================
#!/usr/bin/env python3
import requests
import json
import subprocess
import os
import sys
import argparse
def parse(m):
para = []
repos = []
while len(m):
line = m.pop(0)
if line == "# Maintainers":
line = m.pop(0)
while not line.startswith("#"):
para.append(line)
line = m.pop(0)
if line.startswith("###"):
repo = line.split("### ")[1].strip()
maint = []
m.pop(0) # maintainers:
line = m.pop(0)
while line.startswith("* "):
maint.append(line)
line = m.pop(0) if len(m) else ""
if repo != "Flatcar":
repos.append((repo, maint))
return para, repos
MAINTAINERS_TEMPLATE = """# Maintainers
{maintainers}
{paragraph}
The contents of this file are synchronized from [Flatcar/MAINTAINERS.md](https://github.com/flatcar/Flatcar/blob/main/MAINTAINERS.md).
"""
def write_maintainers_file(repo_name, paragraph, maintainers):
maintainers_entry = "\n".join(maintainers)
maintainers_content = MAINTAINERS_TEMPLATE.format(
maintainers=maintainers_entry, paragraph=paragraph
)
repo_filename = f"{repo_name}/MAINTAINERS.md"
with open(repo_filename, "w") as f:
f.write(maintainers_content)
BRANCH_NAME = "sync-maintainers"
def checkout_branch(repo_name):
return subprocess.run(
["git", "-C", repo_name, "checkout", "-B", BRANCH_NAME, "origin/HEAD"],
check=True,
)
def commit(repo_name):
subprocess.run(["git", "-C", repo_name, "add", "MAINTAINERS.md"], check=True)
subprocess.run(
[
"git",
"-C",
repo_name,
"commit",
"-m",
"Sync maintainers file from flatcar/flatcar repository",
],
check=True,
)
def push(repo_name):
subprocess.run(
["git", "-C", repo_name, "push", "--force", "origin", BRANCH_NAME], check=True
)
def parse_maintainers(repo=None):
maint_file = "../MAINTAINERS.md"
with open(maint_file) as f:
m = f.read().splitlines()
para, repos = parse(m)
paragraph = "\n".join(para).strip()
if repo:
repos = [r for r in repos if r[0] == repo]
return repos, paragraph
def main_repo(args):
repos, paragraph = parse_maintainers(args.repo)
for (repo_name, maintainers) in repos:
repo_url = f"git@github.com:flatcar/{repo_name}"
subprocess.run(["git", "clone", "--depth=1", repo_url])
checkout_branch(repo_name)
write_maintainers_file(repo_name, paragraph, maintainers)
commit(repo_name)
push(repo_name)
def prepare_req(repo, token, api):
api = "/" + api if api else ""
url = f"https://api.github.com/repos/flatcar/{repo}{api}"
headers = {
"Accept": "application/vnd.github+json",
f"Authorization": "Bearer {token}",
}
return url, headers
def get_pr(repo, token):
url, headers = prepare_req(repo, token, "pulls")
params = {"state": "open", "head": f"flatcar:{BRANCH_NAME}"}
return requests.get(url, headers=headers, params=params)
def get_default_branch(repo, token):
url, headers = prepare_req(repo, token, "")
resp = requests.get(url, headers=headers).json()
return resp["default_branch"]
def create_pr(repo, token, base):
url, headers = prepare_req(repo, token, "pulls")
data = {
"title": "Sync MAINTAINERS.md",
"head": f"flatcar:{BRANCH_NAME}",
"base": base,
}
return requests.post(url, headers=headers, json=data)
def update_assignees(repo, token, pr, assignees):
url, headers = prepare_req(repo, token, f"pulls/{pr}/requested_reviewers")
data = {"reviewers": assignees}
return requests.post(url, headers=headers, json=data)
def get_assignees(maintainers):
assignees = [e.split("@")[1] for e in maintainers]
return assignees
def main_github(args):
token = os.getenv("GITHUB_TOKEN")
if not token:
raise Exception("Missing GITHUB_TOKEN env variable")
repos, _ = parse_maintainers(args.repo)
for (repo_name, maintainers) in repos:
pr = get_pr(repo_name, token).json()
if not pr:
print(f"{repo_name} creating pr")
base = get_default_branch(repo_name, token)
pr = [create_pr(repo_name, token, base).json()]
prnum = pr[0]["number"]
assignees = get_assignees(maintainers)
resp = update_assignees(repo_name, token, prnum, assignees)
if resp.status_code != 201:
print(resp.json())
else:
print("{repo_name} ok")
def main_list(args):
repos, _ = parse_maintainers()
for (repo_name, _) in repos:
print(repo_name)
parser = argparse.ArgumentParser(prog="sync-maintainers.py")
subparser = parser.add_subparsers(required=True, dest="cmd")
parser_repo = subparser.add_parser("repo", help="perform git repository operations")
parser_repo.add_argument("--repo", help="Repository to operate on; default all")
parser_repo.set_defaults(func=main_repo)
parser_github = subparser.add_parser(
"github", help="perform github pull request operations"
)
parser_github.add_argument("--repo", help="Repository to operate on; default all")
parser_github.set_defaults(func=main_github)
parser_list = subparser.add_parser("list", help="list all repositories with entries")
parser_list.set_defaults(func=main_list)
if __name__ == "__main__":
args = parser.parse_args()
args.func(args)